On January 24, the European Data Protection Board (“EDPB”) adopted a report (“Report”) regarding the second annual review of the EU-U.S. Privacy Shield (“Privacy Shield”). In a press release accompanying the Report, the EDPB welcomed efforts by EU and U.S. authorities to implement the Privacy Shield, including in particular the recent appointment of a permanent … Continue Reading

Earlier this week, the European Commission (“Commission”) published its Report on the second annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) (the Report is accompanied by a Staff Working Document). The Report concludes that the Privacy Shield “continues to ensure an adequate level of protection” for personal data transferred from the EU to the … Continue Reading

On July 20, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) published comments it received from a wide array of tech and telecom companies, trade groups, civil society, academia, and others regarding its “international Internet policy priorities for 2018 and beyond.” NTIA’s Office of International Affairs (“OIA”) had requested comments and … Continue Reading

On August 28, 2017, the U.S. Government Accountability Office (“GAO”) publicly released a report regarding consumer privacy issues associated with the rapidly increasing number of cars that are “connected”—i.e., capable of wirelessly monitoring, collecting, and transmitting information about their internal and external environments. The report examines four key issues: (1) the types of data collected … Continue Reading

The first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) is scheduled to occur in September 2017 in Washington, D.C. The first review is particularly important for the nascent framework, as regulators in both the U.S. and the EU are expected to closely scrutinize the operation of the first year of the Privacy Shield, … Continue Reading

Nearly 2,000 organizations are now listed as self-certified to the EU-U.S. Privacy Shield on the Department of Commerce’s (“Commerce”) Privacy Shield website. Given current developments on both sides of the Atlantic, there are likely to be significant Privacy Shield developments in the coming months. EU Justice Commissioner Věra Jourová recently concluded her visit to the … Continue Reading

In an interview with Politico (link requires a subscription), EU Justice Commissioner Věra Jourová, one of the principal architects of the EU-U.S. Privacy Shield, indicated that she plans to visit the U.S. once the Trump Administration is in place to assess the state of the new administration’s commitment to the Privacy Shield. In the interview, … Continue Reading

Last week, the multistakeholder group convened by the National Telecommunications and Information Administration (“NTIA”) to create set of voluntary best practices for the commercial use of facial recognition technology finalized its guidelines. While the three-page code of conduct was praised by industry groups, including the Software & Information Industry Association and Consumer Technology Association, many … Continue Reading

By Stephen Kiehl and Hannah Lepow Over the last year, the National Telecommunications and Information Administration, an arm of the Department of Commerce, has convened a series of meetings regarding voluntary best practices for privacy, accountability and transparency in the use of drones (“UAS”) by commercial and private users. A number of stakeholders have participated … Continue Reading

As noted in our post yesterday, the text of the EU-U.S. Privacy Shield, the upcoming trans-Atlantic data-transfer framework between the EU and U.S. to replace the invalidated U.S.-EU Safe Harbor, has been released by the U.S. Department of Commerce. Commerce’s release coincided with the release of a draft adequacy decision by the European Commission. A … Continue Reading

Today, the European Commission published the text of the new EU-U.S. Privacy Shield (see the Commission’s press release here), which consists of: a draft adequacy decision; the EU-U.S. Privacy Shield Framework Principles issued by the U.S. Department of Commerce; and the official representations and commitments contained in separate letters from: Secretary of Commerce Penny Pritzker … Continue Reading

As we reported yesterday, the United States and the European Commission have reached a political agreement on a new framework for transatlantic data flows, referred to as the EU-U.S. Privacy Shield. The U.S. Department of Commerce (“Commerce”) released a fact sheet yesterday to coincide with the announcement of the agreement. The fact sheet includes a … Continue Reading

On October 23, the Trans-Atlantic Business Dialogue held a briefing session on the EU-U.S. Safe Harbor Agreement. Ted Dean, Deputy Assistant Secretary at the U.S. Department of Commerce, gave an update on the negotiations with the European Commission. Following the Snowden revelations and a resolution of the European Parliament, the European Commission on November 17, … Continue Reading

Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity directs the National Institute of Standards and Technology (“NIST”) to develop a Cybersecurity Framework of standards, methodologies, and processes for addressing cybersecurity risk. It also charges the Department of Homeland Security with developing a Critical Infrastructure Cybersecurity Program to promote adoption of the Cybersecurity Framework by critical … Continue Reading

Privacy stakeholders gathered today at NTIA to once again discuss how the group might move forward in developing a code of conduct for mobile app transparency. While no decisions were made, the group identified a number of topics that would be appropriate to tackle early in the process. There also appeared to be consensus among … Continue Reading

As noted in our coverage of the inaugural Privacy Multistakeholder Meeting, NTIA promised to release meeting notes and the results of informal polls taken during the meeting. This information is now available on NTIA’s website, and includes notes in document format and images of the flipcharts used during the meeting. Additionally, NTIA has encouraged stakeholders … Continue Reading

Yesterday marked the inaugural Privacy Multistakeholder Meeting at the Department of Commerce, hosted by the National Telecommunication & Information Administration (“NTIA”). The meeting brought together representatives of technology companies, advertisers, consumer groups, and other stakeholders for a discussion of mobile application transparency and the process for future discussions and meetings. While the meeting did not … Continue Reading

The Office of Information and Regulatory Affairs (OIRA) recently released a model Privacy Impact Assessment (PIA) that federal agencies must use before they employ third-party websites and applications to communicate with the public. The new rules issued by OIRA, an arm of the White House’s Office of Management and Budget (OMB), build on rules the … Continue Reading

In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced by the FTC. Weitzner emphasized that … Continue Reading

Jon Leibowitz, chairman of the Federal Trade Commission, and Cameron Kerry, general counsel of the Department of Commerce, spoke today about the need for industry codes of conduct to address emerging privacy issues. They were the featured speakers at an event held by the Brookings Institution on strategies to protect consumer privacy while ensuring continued … Continue Reading

As we previously discussed, the House Energy & Commerce Committee announced last month that it would be undertaking a comprehensive review of electronic privacy concerns. That process will kick off on July 14, 2011 with a joint hearing by the Commerce, Manufacturing, and Trade Subcommittee and the Communications and Technology Subcommittee. Regulators from the Federal … Continue Reading

by Katie Keith On June 16, 2011, the United States Chamber of Commerce organized a forum for business leaders addressing challenges to the free flow of electronic commercial information. Panelists included academics, government officials, and policy and privacy directors from Google, AT&T, GE, Citigroup, and IBM. The event was moderated by leaders from the Commerce … Continue Reading

The Commerce Department is calling for the creation of nationally recognized, voluntary codes of conduct to help strengthen cybersecurity protections for online businesses. The Department issued its recommendations in a green paper on “Cybersecurity, Innovation and the Internet Economy,” which was released on June 8, 2011. As noted in today’s Federal Register, the Department will … Continue Reading

On Wednesday, April 6, the Senate Judiciary Committee held a hearing to examine ECPA, the Electronic Communications Privacy Act. The hearing, which focused on the federal government’s perspective on ECPA reform, followed up on a hearing held last September and Sen. Patrick Leahy’s (D-VT) January 2011 pledge that “[t]he Judiciary Committee will continue the work … Continue Reading

About the Covington Data Privacy and Cybersecurity group

Repeatedly ranked as having one of the best privacy practices in the world, Covington combines exceptional substantive expertise with an unrivaled understanding of the IT industry, and of e-commerce and digital media business models in particular. Read More